[linux-2.6] / drivers / macintosh / adb.c
1 /*
2  * Device driver for the Apple Desktop Bus
3  * and the /dev/adb device on macintoshes.
4  *
5  * Copyright (C) 1996 Paul Mackerras.
6  *
7  * Modified to declare controllers as structures, added
8  * client notification of bus reset and handles PowerBook
9  * sleep, by Benjamin Herrenschmidt.
10  *
11  * To do:
12  *
13  * - /sys/bus/adb to list the devices and infos
14  * - more /dev/adb to allow userland to receive the
15  *   flow of auto-polling datas from a given device.
16  * - move bus probe to a kernel thread
17  */
18
19 #include <linux/types.h>
20 #include <linux/errno.h>
21 #include <linux/kernel.h>
22 #include <linux/slab.h>
23 #include <linux/module.h>
24 #include <linux/fs.h>
25 #include <linux/mm.h>
26 #include <linux/sched.h>
27 #include <linux/smp_lock.h>
28 #include <linux/adb.h>
29 #include <linux/cuda.h>
30 #include <linux/pmu.h>
31 #include <linux/notifier.h>
32 #include <linux/wait.h>
33 #include <linux/init.h>
34 #include <linux/delay.h>
35 #include <linux/spinlock.h>
36 #include <linux/completion.h>
37 #include <linux/device.h>
38
39 #include <asm/uaccess.h>
40 #include <asm/semaphore.h>
41 #ifdef CONFIG_PPC
42 #include <asm/prom.h>
43 #include <asm/machdep.h>
44 #endif
45
46
/* Make the active controller and the client notifier chain visible to other kernel code. */
EXPORT_SYMBOL(adb_controller);
EXPORT_SYMBOL(adb_client_list);

/* Controller back-ends defined in other files; each is referenced below only when its config option is set. */
extern struct adb_driver via_macii_driver;
extern struct adb_driver via_maciisi_driver;
extern struct adb_driver via_cuda_driver;
extern struct adb_driver adb_iop_driver;
extern struct adb_driver via_pmu_driver;
extern struct adb_driver macio_adb_driver;

/*
 * NULL-terminated table of candidate controller drivers.  adb_init()
 * walks it in order and keeps the first entry whose probe() returns 0.
 */
static struct adb_driver *adb_driver_list[] = {
#ifdef CONFIG_ADB_MACII
        &via_macii_driver,
#endif
#ifdef CONFIG_ADB_MACIISI
        &via_maciisi_driver,
#endif
#ifdef CONFIG_ADB_CUDA
        &via_cuda_driver,
#endif
#ifdef CONFIG_ADB_IOP
        &adb_iop_driver,
#endif
#if defined(CONFIG_ADB_PMU) || defined(CONFIG_ADB_PMU68K)
        &via_pmu_driver,
#endif
#ifdef CONFIG_ADB_MACIO
        &macio_adb_driver,
#endif
        NULL
};
78
/* Device class created by adbdev_init() for the /dev/adb node. */
static struct class *adb_dev_class;

/* Controller selected by adb_init(); NULL when no ADB interface was found. */
struct adb_driver *adb_controller;
/* Notifier chain called with ADB_MSG_* events (pre/post reset, powerdown). */
BLOCKING_NOTIFIER_HEAD(adb_client_list);
/* Set while the machine is going to sleep; adb_input() drops packets while it is set. */
static int adb_got_sleep;
/* Guards adb_init() against running twice. */
static int adb_inited;
/*
 * Value returned by kernel_thread() for the probe thread; the thread
 * clears it to 0 when it finishes.  It is read and written without any
 * lock in this file.
 */
static pid_t adb_probe_task_pid;
/*
 * Semaphore used as a mutex: taken before a probe is scheduled or when
 * sleep starts, released by the probe thread or on wake.  adb_write()
 * takes it to wait out a probe or sleep.
 */
static DECLARE_MUTEX(adb_probe_mutex);
/* Completed by adb_probe_wakeup() to wake a synchronous request made by the probe thread. */
static struct completion adb_probe_task_comp;
/* Set by adb_init() for two PowerBook models; enables extra settle delays around a bus reset. */
static int sleepy_trackpad;
/* Device bitmask returned by the last adb_scan_bus(), handed to the controller's autopoll(). */
static int autopoll_devs;
/* When non-zero, adb_reset_bus() performs the reset synchronously instead of scheduling the probe work. */
int __adb_probe_sync;
91
#ifdef CONFIG_PM_SLEEP
/*
 * PMU sleep notifier entry; adb_init() registers it once a controller
 * has been initialised.
 * NOTE(review): this declaration is guarded by CONFIG_PM_SLEEP while the
 * definition of adb_notify_sleep() further down is guarded by CONFIG_PM --
 * confirm the two options cannot diverge for this driver.
 */
static void adb_notify_sleep(struct pmu_sleep_notifier *self, int when);
static struct pmu_sleep_notifier adb_sleep_notifier = {
        adb_notify_sleep,
        SLEEP_LEVEL_ADB,
};
#endif

/* Forward declarations of helpers defined later in this file. */
static int adb_scan_bus(void);
static int do_adb_reset_bus(void);
static void adbdev_init(void);
static int try_handler_change(int, int);
104
/*
 * Per-address bookkeeping, indexed by ADB address.  The table has 16
 * entries; the loops in this file only ever walk addresses 1..15.
 */
static struct adb_handler {
        /* Client callback, invoked by adb_input() as handler(buf, nb, autopoll). */
        void (*handler)(unsigned char *, int, int);
        /* Address the device was first found at by adb_scan_bus(); 0 means "no device". */
        int original_address;
        /* Handler ID taken from reply[2] of a register 3 read. */
        int handler_id;
        /* Set by adb_input() while the handler runs; adb_unregister() waits for it to clear. */
        int busy;
} adb_handler[16];

/*
 * The adb_handler_sem mutex protects all accesses to the original_address
 * and handler_id fields of adb_handler[i] for all i, and changes to the
 * handler field.
 * Accesses to the handler field are protected by the adb_handler_lock
 * rwlock.  It is held across all calls to any handler, so that by the
 * time adb_unregister returns, we know that the old handler isn't being
 * called.
 * NOTE(review): adb_input() in this file drops adb_handler_lock before it
 * calls the handler and relies on the busy flag instead -- the sentence
 * above looks out of date; confirm.
 */
static DECLARE_MUTEX(adb_handler_sem);
static DEFINE_RWLOCK(adb_handler_lock);
123
#if 0
/* Debug helper (compiled out): print the reply length, then every reply byte in hex. */
static void printADBreply(struct adb_request *req)
{
        int idx = 0;

        printk("adb reply (%d)", req->reply_len);
        while (idx < req->reply_len) {
                printk(" %x", req->reply[idx]);
                idx++;
        }
        printk("\n");
}
#endif
136
137
/*
 * Wait for `ms' milliseconds.  The ADB probe thread may sleep, so it
 * uses msleep(); every other caller busy-waits with mdelay().
 */
static __inline__ void adb_wait_ms(unsigned int ms)
{
        int in_probe_task = current->pid && adb_probe_task_pid &&
                            adb_probe_task_pid == current->pid;

        if (!in_probe_task) {
                mdelay(ms);
                return;
        }
        msleep(ms);
}
146
/*
 * Probe addresses 1..15, separate devices that share an address by
 * moving them to free addresses, record each device's handler ID in
 * adb_handler[], and return a bitmask with bit i set for every address
 * i that holds a device.
 *
 * NOTE(review): no adb_request() return value is checked in this
 * function, and `req' lives uninitialised on the stack.  adb_request()
 * can return an error without touching `req', in which case the
 * reply_len / reply[] reads below act on stale stack contents -- confirm
 * whether failures are possible on this path and whether every
 * controller's send_request() resets these fields.
 */
static int adb_scan_bus(void)
{
        int i, highFree=0, noMovement;
        int devmask = 0;
        struct adb_request req;
        
        /* assumes adb_handler[] is all zeroes at this point */
        for (i = 1; i < 16; i++) {
                /* see if there is anything at address i */
                adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                            (i << 4) | 0xf);
                if (req.reply_len > 1)
                        /* one or more devices at this address */
                        adb_handler[i].original_address = i;
                else if (i > highFree)
                        /* remember the highest address nobody answered at */
                        highFree = i;
        }

        /* Note we reset noMovement to 0 each time we move a device */
        for (noMovement = 1; noMovement < 2 && highFree > 0; noMovement++) {
                for (i = 1; i < 16; i++) {
                        if (adb_handler[i].original_address == 0)
                                continue;
                        /*
                         * Send a "talk register 3" command to address i
                         * to provoke a collision if there is more than
                         * one device at this address.
                         */
                        adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                                    (i << 4) | 0xf);
                        /*
                         * Move the device(s) which didn't detect a
                         * collision to address `highFree'.  Hopefully
                         * this only moves one device.
                         */
                        adb_request(&req, NULL, ADBREQ_SYNC, 3,
                                    (i<< 4) | 0xb, (highFree | 0x60), 0xfe);
                        /*
                         * See if anybody actually moved. This is suggested
                         * by HW TechNote 01:
                         *
                         * http://developer.apple.com/technotes/hw/hw_01.html
                         */
                        adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                                    (highFree << 4) | 0xf);
                        if (req.reply_len <= 1) continue;
                        /*
                         * Test whether there are any device(s) left
                         * at address i.
                         */
                        adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                                    (i << 4) | 0xf);
                        if (req.reply_len > 1) {
                                /*
                                 * There are still one or more devices
                                 * left at address i.  Register the one(s)
                                 * we moved to `highFree', and find a new
                                 * value for highFree.
                                 */
                                adb_handler[highFree].original_address =
                                        adb_handler[i].original_address;
                                while (highFree > 0 &&
                                       adb_handler[highFree].original_address)
                                        highFree--;
                                /* no free address left: this ends the inner scan */
                                if (highFree <= 0)
                                        break;

                                noMovement = 0;
                        }
                        else {
                                /*
                                 * No devices left at address i; move the
                                 * one(s) we moved to `highFree' back to i.
                                 */
                                adb_request(&req, NULL, ADBREQ_SYNC, 3,
                                            (highFree << 4) | 0xb,
                                            (i | 0x60), 0xfe);
                        }
                }       
        }

        /* Now fill in the handler_id field of the adb_handler entries. */
        printk(KERN_DEBUG "adb devices:");
        for (i = 1; i < 16; i++) {
                if (adb_handler[i].original_address == 0)
                        continue;
                adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                            (i << 4) | 0xf);
                /*
                 * NOTE(review): reply[2] is taken as the handler ID without
                 * looking at reply_len for this request, so a short or
                 * missing reply stores whatever the buffer held.
                 */
                adb_handler[i].handler_id = req.reply[2];
                printk(" [%d]: %d %x", i, adb_handler[i].original_address,
                       adb_handler[i].handler_id);
                devmask |= 1 << i;
        }
        printk("\n");
        return devmask;
}
243
/*
 * Body of the short-lived kernel thread that probes the ADB bus.
 * It renames itself, runs the bus reset, then clears the recorded pid
 * and releases adb_probe_mutex (taken by adb_reset_bus()) before exiting.
 */
static int adb_probe_task(void *x)
{
        strcpy(current->comm, "kadbprobe");

        printk(KERN_INFO "adb: starting probe task...\n");
        do_adb_reset_bus();
        printk(KERN_INFO "adb: finished probe task...\n");

        /* Probe finished: nobody is the probe task any more. */
        adb_probe_task_pid = 0;
        up(&adb_probe_mutex);

        return 0;
}
262
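/*
 * Work item that starts the probe thread.
 *
 * adb_reset_bus() takes adb_probe_mutex before scheduling this work and
 * the probe thread releases it when it finishes.  If the thread cannot
 * be created nobody would ever release the mutex, and every later
 * adb_write() or sleep request would block forever, so the failure path
 * releases it here and leaves adb_probe_task_pid at 0 instead of
 * storing the negative error code as a pid.
 *
 * NOTE(review): the thread may finish and clear adb_probe_task_pid
 * before the assignment below runs, which would leave a stale pid
 * behind; the original code has the same ordering.
 */
static void
__adb_probe_task(struct work_struct *bullshit)
{
        pid_t pid;

        pid = kernel_thread(adb_probe_task, NULL, SIGCHLD | CLONE_KERNEL);
        if (pid < 0) {
                printk(KERN_ERR "adb: unable to start probe task (%d)\n",
                       (int) pid);
                adb_probe_task_pid = 0;
                up(&adb_probe_mutex);
                return;
        }
        adb_probe_task_pid = pid;
}

static DECLARE_WORK(adb_reset_work, __adb_probe_task);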
270
/*
 * Reset and re-probe the bus.  With __adb_probe_sync set the reset runs
 * in the caller's context; otherwise adb_probe_mutex is taken and the
 * probe work is scheduled (the probe thread releases the mutex).
 * Always returns 0.
 */
int adb_reset_bus(void)
{
        if (!__adb_probe_sync) {
                down(&adb_probe_mutex);
                schedule_work(&adb_reset_work);
        } else {
                do_adb_reset_bus();
        }
        return 0;
}
283
/*
 * One-time driver initialisation: pick the first controller driver
 * whose probe() succeeds, initialise it, register the sleep notifier,
 * create the /dev/adb device and start the first bus probe.
 * Always returns 0, including when no ADB interface is present.
 */
int __init adb_init(void)
{
        struct adb_driver *driver;
        int i;

#ifdef CONFIG_PPC32
        if (!machine_is(chrp) && !machine_is(powermac))
                return 0;
#endif
#ifdef CONFIG_MAC
        if (!MACH_IS_MAC)
                return 0;
#endif

        /* xmon may do early-init */
        if (adb_inited)
                return 0;
        adb_inited = 1;
                
        adb_controller = NULL;

        /* probe() returning 0 means "this controller is present" */
        i = 0;
        while ((driver = adb_driver_list[i++]) != NULL) {
                if (!driver->probe()) {
                        adb_controller = driver;
                        break;
                }
        }
        /* a non-zero init() is treated the same as "no controller found" */
        if ((adb_controller == NULL) || adb_controller->init()) {
                printk(KERN_WARNING "Warning: no ADB interface detected\n");
                adb_controller = NULL;
        } else {
#ifdef CONFIG_PM_SLEEP
                pmu_register_sleep_notifier(&adb_sleep_notifier);
#endif /* CONFIG_PM */
#ifdef CONFIG_PPC
                if (machine_is_compatible("AAPL,PowerBook1998") ||
                        machine_is_compatible("PowerBook1,1"))
                        sleepy_trackpad = 1;
#endif /* CONFIG_PPC */
                init_completion(&adb_probe_task_comp);
                adbdev_init();
                adb_reset_bus();
        }
        return 0;
}

__initcall(adb_init);
332
333 #ifdef CONFIG_PM
/*
 * PMU sleep notifier callback.
 * On a sleep request: flag the sleep, take adb_probe_mutex so no probe
 * or write runs meanwhile, stop autopolling and send ADB_MSG_POWERDOWN
 * to the clients.  On wake: clear the flag, release the mutex and reset
 * the bus.  Any other `when' value is ignored.
 */
void
adb_notify_sleep(struct pmu_sleep_notifier *self, int when)
{
        if (when == PBOOK_SLEEP_REQUEST) {
                adb_got_sleep = 1;
                /* Hold off the probe thread for the duration of the sleep */
                down(&adb_probe_mutex);
                /* Autopolling must stop before the clients are told */
                if (adb_controller->autopoll)
                        adb_controller->autopoll(0);
                blocking_notifier_call_chain(&adb_client_list,
                                             ADB_MSG_POWERDOWN, NULL);
        } else if (when == PBOOK_WAKE) {
                adb_got_sleep = 0;
                up(&adb_probe_mutex);
                adb_reset_bus();
        }
}
358 #endif /* CONFIG_PM */
359
/*
 * Reset the bus and rebuild the device table.
 *
 * Stops autopolling, sends ADB_MSG_PRE_RESET, wipes adb_handler[]
 * (which also drops every registered handler), asks the controller to
 * reset the bus, rescans it, restarts autopolling for the devices found
 * and finally sends ADB_MSG_POST_RESET.
 *
 * Returns -ENXIO without a controller, otherwise the controller's
 * reset_bus() result (0 when it has no reset_bus hook).
 */
static int do_adb_reset_bus(void)
{
        int rc = 0;

        if (!adb_controller)
                return -ENXIO;

        if (adb_controller->autopoll)
                adb_controller->autopoll(0);

        blocking_notifier_call_chain(&adb_client_list,
                                     ADB_MSG_PRE_RESET, NULL);

        /* Give the trackpad time to settle before the reset */
        if (sleepy_trackpad)
                adb_wait_ms(500);

        down(&adb_handler_sem);
        write_lock_irq(&adb_handler_lock);
        memset(adb_handler, 0, sizeof(adb_handler));
        write_unlock_irq(&adb_handler_lock);

        /* This part is still synchronous */
        if (adb_controller->reset_bus)
                rc = adb_controller->reset_bus();

        /* ... and again after it */
        if (sleepy_trackpad)
                adb_wait_ms(1500);

        if (rc == 0) {
                autopoll_devs = adb_scan_bus();
                if (adb_controller->autopoll)
                        adb_controller->autopoll(autopoll_devs);
        }
        up(&adb_handler_sem);

        blocking_notifier_call_chain(&adb_client_list,
                                     ADB_MSG_POST_RESET, NULL);

        return rc;
}
407
/* Run the controller's poll() hook, if there is a controller and it provides one. */
void adb_poll(void)
{
        if (adb_controller != NULL && adb_controller->poll != NULL)
                adb_controller->poll();
}
415
/*
 * Completion callback installed by adb_request() for synchronous
 * requests issued from the probe thread: wakes the waiting thread.
 * The request argument is not used.
 */
static void adb_probe_wakeup(struct adb_request *req)
{
        complete(&adb_probe_task_comp);
}
421
/*
 * Static request used by adb_request() when the caller passes req == NULL.
 * Bit 0 of adb_sreq_lock marks it as in use; a second concurrent user is
 * refused rather than made to wait.
 */
static struct adb_request adb_sreq;
static unsigned long adb_sreq_lock; /* original author's note: use a semaphore instead */
425
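/*
 * Build an ADB request from a variable list of command bytes and,
 * unless ADBREQ_NOSEND is given, hand it to the controller.
 *
 * req:    request to fill in; NULL selects the shared static request,
 *         which forces ADBREQ_SYNC and may not be combined with
 *         ADBREQ_NOSEND.
 * done:   completion callback stored in the request.  It is replaced by
 *         an internal callback for synchronous requests issued from the
 *         probe thread.
 * flags:  ADBREQ_SYNC, ADBREQ_REPLY, ADBREQ_NOSEND.
 * nbytes: number of command bytes that follow, each passed as an int.
 *         One extra byte (ADB_PACKET) is prepended, so nbytes + 1 has
 *         to fit in req->data.
 *
 * Returns 0 on success (or when only building the request), -ENXIO
 * without a usable controller, -EINVAL for a bad argument, -EPERM when
 * the static request is already in use, otherwise the controller's
 * send_request() result.
 */
int
adb_request(struct adb_request *req, void (*done)(struct adb_request *),
            int flags, int nbytes, ...)
{
        va_list list;
        int i, use_sreq;
        int rc;

        if ((adb_controller == NULL) || (adb_controller->send_request == NULL))
                return -ENXIO;
        /*
         * Refuse a byte count that would run past the end of req->data
         * once the packet-type byte is prepended; the copy loop below
         * trusts nbytes completely.
         */
        if (nbytes < 1 || nbytes >= (int) sizeof(req->data))
                return -EINVAL;
        if (req == NULL && (flags & ADBREQ_NOSEND))
                return -EINVAL;
        
        if (req == NULL) {
                /* The static request has a single user at a time */
                if (test_and_set_bit(0,&adb_sreq_lock)) {
                        printk("adb.c: Warning: contention on static request !\n");
                        return -EPERM;
                }
                req = &adb_sreq;
                flags |= ADBREQ_SYNC;
                use_sreq = 1;
        } else
                use_sreq = 0;
        req->nbytes = nbytes+1;
        req->done = done;
        req->reply_expected = flags & ADBREQ_REPLY;
        req->data[0] = ADB_PACKET;
        va_start(list, nbytes);
        for (i = 0; i < nbytes; ++i)
                req->data[i+1] = va_arg(list, int);
        va_end(list);

        if (flags & ADBREQ_NOSEND)
                return 0;

        /* Synchronous requests sent from the probe thread cause it to
         * block. Beware that the "done" callback will be overridden !
         *
         * NOTE(review): req->complete is read below but is not written
         * anywhere in this function; presumably send_request() resets it
         * before returning -- confirm for every controller.
         */
        if ((flags & ADBREQ_SYNC) &&
            (current->pid && adb_probe_task_pid &&
            adb_probe_task_pid == current->pid)) {
                req->done = adb_probe_wakeup;
                rc = adb_controller->send_request(req, 0);
                if (rc || req->complete)
                        goto bail;
                wait_for_completion(&adb_probe_task_comp);
                rc = 0;
                goto bail;
        }

        rc = adb_controller->send_request(req, flags & ADBREQ_SYNC);
bail:
        if (use_sreq)
                clear_bit(0, &adb_sreq_lock);

        return rc;
}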
485
/*
 * Attach `handler' to every device whose original address is
 * default_id and return how many devices were claimed; their addresses
 * are stored in ids->id[0 .. ids->nids - 1].
 *
 * handler_id == 0 matches on default_id alone.  A non-zero handler_id
 * must equal the device's current handler ID; if it does not, the
 * function tries to switch the device to it and claims the device only
 * if that succeeds.  A device that already has a handler is skipped
 * with an error message.
 */
int
adb_register(int default_id, int handler_id, struct adb_ids *ids,
             void (*handler)(unsigned char *, int, int))
{
        int addr;

        down(&adb_handler_sem);
        ids->nids = 0;
        for (addr = 1; addr < 16; addr++) {
                struct adb_handler *slot = &adb_handler[addr];

                if (slot->original_address != default_id)
                        continue;
                /* wrong handler ID and the device refused to switch */
                if (handler_id && handler_id != slot->handler_id &&
                    !try_handler_change(addr, handler_id))
                        continue;
                if (slot->handler != 0) {
                        printk(KERN_ERR
                               "Two handlers for ADB device %d\n",
                               default_id);
                        continue;
                }
                write_lock_irq(&adb_handler_lock);
                slot->handler = handler;
                write_unlock_irq(&adb_handler_lock);
                ids->id[ids->nids++] = addr;
        }
        up(&adb_handler_sem);
        return ids->nids;
}
520
/*
 * Detach the handler registered at address `index'.
 * Waits, yielding the CPU with the rwlock dropped, until adb_input() is
 * no longer inside the handler, then clears it.
 * Returns 0 on success or -ENODEV when no handler was registered.
 *
 * NOTE(review): `index' is used to subscript adb_handler[16] without a
 * range check; callers are expected to pass an address obtained from
 * adb_register().
 */
int adb_unregister(int index)
{
        int rc = -ENODEV;

        down(&adb_handler_sem);
        write_lock_irq(&adb_handler_lock);
        if (!adb_handler[index].handler)
                goto unlock;

        while (adb_handler[index].busy) {
                write_unlock_irq(&adb_handler_lock);
                yield();
                write_lock_irq(&adb_handler_lock);
        }
        rc = 0;
        adb_handler[index].handler = NULL;

unlock:
        write_unlock_irq(&adb_handler_lock);
        up(&adb_handler_sem);
        return rc;
}
541
/*
 * Deliver an incoming packet to the handler registered for its address.
 *
 * buf:      packet bytes; the high nibble of buf[0] is the device address.
 * nb:       number of bytes in buf.
 * autopoll: passed through to the handler unchanged.
 *
 * NOTE(review): buf[0] is read unconditionally, so nb is assumed to be
 * at least 1 -- confirm against the controller drivers.
 */
void
adb_input(unsigned char *buf, int nb, int autopoll)
{
        static int dump_adb_input = 0;
        void (*cb)(unsigned char *, int, int);
        unsigned long irqflags;
        int addr;
        int k;

        /* Once sleep has started, keystrokes and mouse moves are dropped.
         * Autopolling is stopped as well; this check is a second safeguard.
         */
        if (adb_got_sleep)
                return;

        /* buf[0] is an unsigned char, so addr is always within 0..15 */
        addr = buf[0] >> 4;
        if (dump_adb_input) {
                printk(KERN_INFO "adb packet: ");
                for (k = 0; k < nb; ++k)
                        printk(" %x", buf[k]);
                printk(", id = %d\n", addr);
        }

        /* Pick up the handler and mark it busy under the lock */
        write_lock_irqsave(&adb_handler_lock, irqflags);
        cb = adb_handler[addr].handler;
        if (cb != NULL)
                adb_handler[addr].busy = 1;
        write_unlock_irqrestore(&adb_handler_lock, irqflags);

        if (cb == NULL)
                return;

        /* The handler runs without the lock; busy keeps adb_unregister() waiting */
        (*cb)(buf, nb, autopoll);
        wmb();
        adb_handler[addr].busy = 0;
}
576
/*
 * Ask the device at `address' to switch to handler ID new_id, then read
 * register 3 back to see whether it did.  Returns 1 when the device
 * reports new_id (or already had it), 0 otherwise.
 *
 * NOTE(review): the length test accepts reply_len == 2 but the byte
 * compared is reply[2], and neither adb_request() return value is
 * checked while `req' starts out uninitialised on the stack -- confirm
 * the reply layout and whether the test should require three bytes.
 */
static int try_handler_change(int address, int new_id)
{
        struct adb_request req;

        if (adb_handler[address].handler_id == new_id)
                return 1;

        /* write register 3, then read it back */
        adb_request(&req, NULL, ADBREQ_SYNC, 3,
                    ADB_WRITEREG(address, 3), address | 0x20, new_id);
        adb_request(&req, NULL, ADBREQ_SYNC | ADBREQ_REPLY, 1,
                    ADB_READREG(address, 3));

        if (req.reply_len < 2 || req.reply[2] != new_id)
                return 0;

        adb_handler[address].handler_id = req.reply[2];
        return 1;
}
596
/*
 * Locked wrapper around try_handler_change(): holds adb_handler_sem
 * for the duration of the attempt.  Returns 1 on success, 0 otherwise.
 */
int adb_try_handler_change(int address, int new_id)
{
        int changed;

        down(&adb_handler_sem);
        changed = try_handler_change(address, new_id);
        up(&adb_handler_sem);

        return changed;
}
607
/*
 * Copy the original address and handler ID recorded for `address' into
 * the caller's variables.  Returns non-zero when a device is recorded
 * at that address (original address != 0).
 *
 * NOTE(review): `address' subscripts adb_handler[16] without a range
 * check; callers must pass a value within 0..15.
 */
int adb_get_infos(int address, int *original_address, int *handler_id)
{
        const struct adb_handler *slot = &adb_handler[address];

        down(&adb_handler_sem);
        *original_address = slot->original_address;
        *handler_id = slot->handler_id;
        up(&adb_handler_sem);

        return *original_address != 0;
}
618
619
620 /*
621  * /dev/adb device driver.
622  */
623
#define ADB_MAJOR       56      /* major number for /dev/adb */

/*
 * Per-open state of /dev/adb, allocated in adb_open() and stored in
 * file->private_data.  It can outlive the file: adb_release() leaves it
 * allocated while requests are pending and adb_write_done() frees it
 * once the last one completes.
 */
struct adbdev_state {
        spinlock_t      lock;           /* protects completed and inuse */
        atomic_t        n_pending;      /* requests submitted and not yet completed */
        struct adb_request *completed;  /* singly linked list of completed requests awaiting adb_read() */
        wait_queue_head_t wait_queue;   /* readers sleep here until a request completes */
        int             inuse;          /* 1 while the file is open, cleared by adb_release() */
};
633
/*
 * Completion callback for requests submitted through adb_write().
 * req->arg carries the adbdev_state of the file that submitted it.
 * While the file is open the request is appended to the completed list
 * and readers are woken; after the file was closed the request is freed
 * and, when it was the last pending one, so is the state.
 */
static void adb_write_done(struct adb_request *req)
{
        struct adbdev_state *state = (struct adbdev_state *) req->arg;
        unsigned long flags;

        /* a request finished without being marked complete carries no reply */
        if (!req->complete) {
                req->reply_len = 0;
                req->complete = 1;
        }
        spin_lock_irqsave(&state->lock, flags);
        atomic_dec(&state->n_pending);
        if (!state->inuse) {
                /* file already closed: nobody will read this reply */
                kfree(req);
                if (atomic_read(&state->n_pending) == 0) {
                        /* last outstanding request: unlock first, state is freed next */
                        spin_unlock_irqrestore(&state->lock, flags);
                        kfree(state);
                        return;
                }
        } else {
                /* append at the tail so replies are read in completion order */
                struct adb_request **ap = &state->completed;
                while (*ap != NULL)
                        ap = &(*ap)->next;
                req->next = NULL;
                *ap = req;
                wake_up_interruptible(&state->wait_queue);
        }
        spin_unlock_irqrestore(&state->lock, flags);
}
662
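/*
 * Handle an ADB_QUERY request written to /dev/adb; such requests are
 * answered by this driver and never reach the controller.
 *
 * req->data[] comes straight from user space via adb_write().  For
 * ADB_QUERY_GETDEVINFO data[2] selects an entry of adb_handler[], so it
 * has to be range-checked: the byte can hold any value up to 255 while
 * the table has 16 entries, and the two values read are handed back to
 * the caller through adb_read().  Without the check a caller could read
 * kernel memory beyond the table.
 *
 * Returns 0 when the query was answered (the request is then queued
 * through adb_write_done()), -EINVAL for an unknown, short or
 * out-of-range query.
 */
static int
do_adb_query(struct adb_request *req)
{
        int     ret = -EINVAL;

        switch(req->data[1])
        {
        case ADB_QUERY_GETDEVINFO:
                /* 16 is the size of adb_handler[] */
                if (req->nbytes < 3 || req->data[2] >= 16)
                        break;
                down(&adb_handler_sem);
                req->reply[0] = adb_handler[req->data[2]].original_address;
                req->reply[1] = adb_handler[req->data[2]].handler_id;
                up(&adb_handler_sem);
                req->complete = 1;
                req->reply_len = 2;
                adb_write_done(req);
                ret = 0;
                break;
        }
        return ret;
}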
685
/*
 * Open handler for /dev/adb: only minor 0 exists, and a controller must
 * be present.  Allocates and initialises the per-open state.
 * Returns 0, -ENXIO (wrong minor or no controller) or -ENOMEM.
 * No permission or capability check is made here.
 */
static int adb_open(struct inode *inode, struct file *file)
{
        struct adbdev_state *st;

        if (iminor(inode) > 0 || adb_controller == NULL)
                return -ENXIO;

        st = kmalloc(sizeof(*st), GFP_KERNEL);
        if (!st)
                return -ENOMEM;

        /* every field is set explicitly, kmalloc() does not zero the memory */
        spin_lock_init(&st->lock);
        atomic_set(&st->n_pending, 0);
        st->completed = NULL;
        init_waitqueue_head(&st->wait_queue);
        st->inuse = 1;
        file->private_data = st;

        return 0;
}
704
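/*
 * Release handler for /dev/adb.
 *
 * Completed requests that were never read belong to this file alone, so
 * they are detached from the state under the lock and freed here.
 * Previously a close with unread replies freed neither the replies nor
 * the state once nothing was pending, so each such open/write/close
 * cycle leaked kernel memory.
 *
 * The state itself is freed right away when no request is pending.
 * Otherwise it is marked unused and adb_write_done() frees it together
 * with the last outstanding request.
 *
 * Always returns 0.
 */
static int adb_release(struct inode *inode, struct file *file)
{
        struct adbdev_state *state = file->private_data;
        struct adb_request *req = NULL;
        struct adb_request *next;
        unsigned long flags;

        lock_kernel();
        if (state) {
                file->private_data = NULL;
                spin_lock_irqsave(&state->lock, flags);
                /* take the unread replies off the state while it is locked */
                req = state->completed;
                state->completed = NULL;
                if (atomic_read(&state->n_pending) == 0) {
                        spin_unlock_irqrestore(&state->lock, flags);
                        kfree(state);
                } else {
                        /* state must not be touched after this unlock */
                        state->inuse = 0;
                        spin_unlock_irqrestore(&state->lock, flags);
                }
                while (req != NULL) {
                        next = req->next;
                        kfree(req);
                        req = next;
                }
        }
        unlock_kernel();
        return 0;
}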
726
/*
 * Read handler for /dev/adb: return the reply of the oldest completed
 * request, waiting for one unless the file is non-blocking.
 *
 * Returns the number of reply bytes copied (at most `count' and at most
 * sizeof(req->reply)), -EINVAL when count < 2, -EFAULT for a bad user
 * buffer, -EIO when nothing is completed or pending, -EAGAIN for a
 * non-blocking read with nothing ready, or -ERESTARTSYS on a signal.
 */
static ssize_t adb_read(struct file *file, char __user *buf,
                        size_t count, loff_t *ppos)
{
        int ret = 0;
        struct adbdev_state *state = file->private_data;
        struct adb_request *req;
        wait_queue_t wait = __WAITQUEUE_INITIALIZER(wait,current);
        unsigned long flags;

        if (count < 2)
                return -EINVAL;
        /* sizeof only looks at the type of req, which is not yet assigned here */
        if (count > sizeof(req->reply))
                count = sizeof(req->reply);
        if (!access_ok(VERIFY_WRITE, buf, count))
                return -EFAULT;

        req = NULL;
        spin_lock_irqsave(&state->lock, flags);
        add_wait_queue(&state->wait_queue, &wait);
        /*
         * NOTE(review): the task state is set once, before the loop, and
         * not again after schedule() returns -- confirm this is intended
         * if the loop can go round more than once.
         */
        current->state = TASK_INTERRUPTIBLE;

        for (;;) {
                /* take the head of the completed list, if any */
                req = state->completed;
                if (req != NULL)
                        state->completed = req->next;
                else if (atomic_read(&state->n_pending) == 0)
                        /* nothing completed and nothing in flight: no reply will ever come */
                        ret = -EIO;
                if (req != NULL || ret != 0)
                        break;
                
                if (file->f_flags & O_NONBLOCK) {
                        ret = -EAGAIN;
                        break;
                }
                if (signal_pending(current)) {
                        ret = -ERESTARTSYS;
                        break;
                }
                /* sleep with the lock dropped; adb_write_done() wakes the queue */
                spin_unlock_irqrestore(&state->lock, flags);
                schedule();
                spin_lock_irqsave(&state->lock, flags);
        }

        current->state = TASK_RUNNING;
        remove_wait_queue(&state->wait_queue, &wait);
        spin_unlock_irqrestore(&state->lock, flags);
        
        if (ret)
                return ret;

        /*
         * reply_len is whatever the completion path stored in the request.
         * It is compared with the unsigned count, so a negative value would
         * also be clamped to count; count itself was capped to the size of
         * the reply buffer above, which bounds the copy below.
         */
        ret = req->reply_len;
        if (ret > count)
                ret = count;
        if (ret > 0 && copy_to_user(buf, req->reply, ret))
                ret = -EFAULT;

        /* the request was unlinked above, so this reader owns it */
        kfree(req);
        return ret;
}
786
/*
 * Write handler for /dev/adb: one write is one request.
 *
 * The first byte selects the request type.  ADB_QUERY is answered by
 * this driver, ADB_PACKET with ADB_BUSRESET triggers a full bus reset,
 * and everything else is passed to the controller unchanged.  The only
 * validation of the user's bytes in this function is the length check
 * on count.
 *
 * Returns count on success, -EINVAL for a bad length or query, -ENXIO
 * without a controller, -EFAULT for a bad user buffer, -ENOMEM, or the
 * error returned by the reset or by the controller.
 */
static ssize_t adb_write(struct file *file, const char __user *buf,
                         size_t count, loff_t *ppos)
{
        int ret/*, i*/;
        struct adbdev_state *state = file->private_data;
        struct adb_request *req;

        /* sizeof only looks at the type of req, which is not yet assigned here */
        if (count < 2 || count > sizeof(req->data))
                return -EINVAL;
        if (adb_controller == NULL)
                return -ENXIO;
        if (!access_ok(VERIFY_READ, buf, count))
                return -EFAULT;

        /*
         * NOTE(review): kmalloc() does not zero the request, so every field
         * not assigned below (reply_len, reply[], next, ...) holds stale heap
         * contents until the completion path writes it.  adb_read() later
         * copies reply[0 .. reply_len) to user space, so this relies on each
         * controller reporting a reply_len no larger than what it actually
         * stored; kzalloc() would remove that dependency.
         */
        req = kmalloc(sizeof(struct adb_request),
                                             GFP_KERNEL);
        if (req == NULL)
                return -ENOMEM;

        req->nbytes = count;
        req->done = adb_write_done;
        req->arg = (void *) state;
        req->complete = 0;
        
        ret = -EFAULT;
        if (copy_from_user(req->data, buf, count))
                goto out;

        /* counted as pending from here on; every failure path below undoes this */
        atomic_inc(&state->n_pending);

        /* If a probe is in progress or we are sleeping, wait for it to complete */
        down(&adb_probe_mutex);

        /* Queries are special requests sent to the ADB driver itself */
        if (req->data[0] == ADB_QUERY) {
                /* count is at least 2 here, so the else branch cannot be taken */
                if (count > 1)
                        ret = do_adb_query(req);
                else
                        ret = -EINVAL;
                up(&adb_probe_mutex);
        }
        /* Special case for ADB_BUSRESET request, all others are sent to
           the controller */
        else if ((req->data[0] == ADB_PACKET)&&(count > 1)
                &&(req->data[1] == ADB_BUSRESET)) {
                /* the reset is synchronous and produces no reply to read */
                ret = do_adb_reset_bus();
                up(&adb_probe_mutex);
                atomic_dec(&state->n_pending);
                if (ret == 0)
                        ret = count;
                goto out;
        } else {        
                /* a reply is expected when bits 2 and 3 of the command byte are both set */
                req->reply_expected = ((req->data[1] & 0xc) == 0xc);
                if (adb_controller && adb_controller->send_request)
                        ret = adb_controller->send_request(req, 0);
                else
                        ret = -ENXIO;
                up(&adb_probe_mutex);
        }

        if (ret != 0) {
                atomic_dec(&state->n_pending);
                goto out;
        }
        /* success: the request now belongs to the completion path */
        return count;

out:
        kfree(req);
        return ret;
}
857
/*
 * File operations of /dev/adb.  adb_open() makes no permission or
 * capability check, so who may send packets or trigger a bus reset
 * presumably depends on the permissions of the device node -- confirm
 * how the node is created on the target system.
 */
static const struct file_operations adb_fops = {
        .owner          = THIS_MODULE,
        .llseek         = no_llseek,
        .read           = adb_read,
        .write          = adb_write,
        .open           = adb_open,
        .release        = adb_release,
};
866
/*
 * Register the /dev/adb character device on major ADB_MAJOR and create
 * its device class and class device.  Failures are not reported to the
 * caller; a failed registration logs an error and a failed class
 * creation simply skips the class device.
 */
static void adbdev_init(void)
{
        if (register_chrdev(ADB_MAJOR, "adb", &adb_fops) != 0) {
                printk(KERN_ERR "adb: unable to get major %d\n", ADB_MAJOR);
                return;
        }

        adb_dev_class = class_create(THIS_MODULE, "adb");
        if (!IS_ERR(adb_dev_class))
                class_device_create(adb_dev_class, NULL,
                                    MKDEV(ADB_MAJOR, 0), NULL, "adb");
}